Improper control of interaction frequency in Moxa products - CVE-2019-6524

 


Published: February 26, 2019


Vulnerability identifier: #VU17866
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-6524
CWE-ID: CWE-799
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: Moxa
Affected software:
Moxa EDS-510A
Moxa EDS-408A
Moxa EDS-405A

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a brute-force attack.

The vulnerability exists because the application does not implement sufficient measures to prevent multiple failed authentication attempts, which makes the switches susceptible to brute-force attacks.
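
Since the switches themselves do not sufficiently limit failed logins, repeated failures can be counted off-device from forwarded authentication logs. The following is an added example, not code from this advisory or from Moxa: it flags any source that reaches a failure threshold against one switch within a sliding window. The log line format, host names, addresses, threshold and window are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input. The line format is an assumption for this example,
# not the actual syslog format of the affected switches.
SAMPLE_LOG = """\
2019-02-26T10:00:00 eds-510a-01 auth: login failed user=admin src=192.0.2.15
2019-02-26T10:00:02 eds-510a-01 auth: login failed user=admin src=192.0.2.15
2019-02-26T10:00:03 eds-510a-01 auth: login failed user=admin src=192.0.2.15
2019-02-26T10:00:05 eds-510a-01 auth: login failed user=admin src=192.0.2.15
2019-02-26T10:00:06 eds-510a-01 auth: login failed user=admin src=192.0.2.15
2019-02-26T10:00:09 eds-510a-01 auth: login ok user=admin src=192.0.2.15
2019-02-26T10:05:00 eds-408a-02 auth: login failed user=operator src=192.0.2.40
2019-02-26T10:20:00 eds-408a-02 auth: login failed user=operator src=192.0.2.40
2019-02-26T10:20:30 eds-408a-02 auth: login ok user=operator src=192.0.2.40
"""

LINE_RE = re.compile(r"^(\S+) (\S+) auth: login (failed|ok) user=(\S+) src=(\S+)$")

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Map (host, src) -> alert info for pairs reaching `threshold` failures within `window`."""
    failures = defaultdict(deque)   # (host, src) -> timestamps of recent failures
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                # ignore unrelated or malformed lines
        ts, host, result, _user, src = m.groups()
        ts, key = datetime.fromisoformat(ts), (host, src)
        if result == "ok":
            # A later success from an already flagged source suggests a guess worked.
            if key in alerts:
                alerts[key]["success_after"] = True
            continue
        q = failures[key]
        q.append(ts)
        while ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts[key] = {"at": ts, "success_after": False}
    return alerts

if __name__ == "__main__":
    for (host, src), info in find_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(host, src, info["at"].isoformat(), "success_after =", info["success_after"])
```

On the constructed sample, only the burst against `eds-510a-01` is flagged; the two `operator` failures 15 minutes apart fall outside the window and raise no alert.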


How to mitigate CVE-2019-6524

Request updates from vendor's technical support.
